package com.maltys.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@Profile("session")
public class SessionSecurityConfig extends BaseSecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChainForSession(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity.authorizeRequests()
                // 放行的请求
                .antMatchers("/user/registry").permitAll()
                .anyRequest().authenticated()
                // 表单登录
                .and().formLogin().loginPage("/login").permitAll()
                // 注销放行
                .and().logout().permitAll()
                .and().csrf().disable().build();
    }
}
